Hi Everyone,
I am currently facing an issue while trying to connect to a client’s SFTP server using a Forge SFTP component (Username + Public/Private Key authentication).
Whenever we attempt to access the SFTP, we receive the following error:
OS-ELRT-60008 - Renci.SshNet.Common.SshOperationTimeoutException:
Connection failed to establish within 30000 milliseconds.
Stack trace (relevant part):
Renci.SshNet.Common.SshOperationTimeoutException:
at DoiTLean.SFTP.SFTP.Search_PrivateKey(...)
Setup Details:
Authentication Method: Username + Public/Private Key
Private key is passed as Binary Data
IP and Port are confirmed correct
Credentials have been verified and are correct
What We Checked:
The SFTP server is reachable from WinSCP when we tested.
Credentials are valid.
Port is correct.
No password-based authentication is used (key-based only).
We raised this with OutSystems Support and were informed that the OutSystems public IP range does not apply to Forge components. This raised some uncertainty on whether the timeout is caused by:
Network restrictions / firewall rules
IP whitelisting issues
Forge component runtime behavior
Something specific to key-based authentication handling
Questions:
Has anyone faced a similar timeout issue using Forge SFTP components?
Do Forge components execute from a different outbound IP range?
Could this be a firewall/IP whitelisting issue on the client SFTP side?
Is there anything specific to Renci.SshNet configuration that we should validate?
Since this is critical for our Phase 2 release, any guidance would be greatly appreciated.
Thanks in advance.
Arjun
@Mudundi Ram Arjun Varma : Looks like there is an IP restrictions at the SFTP server which is causing the timeout issue when connecting from the application. Can you confirm this with your client?
Hi @Siya, Thanks for your response. I suspect the same and then I have used the below link of public avaialable IP addresses. To the client to whitelist.
https://success.outsystems.com/documentation/outsystems_developer_cloud/managing_outsystems_platform_and_apps/allowlisting_odc_public_ip_addresses/
But then when I raised a ticket to Outsystems, The support team reverted back saying that the external code components wont use the above IP addresses and they are unable to track it.
So if we are unable to track the outsystems ODC IP address. How do I communicate with client about the white listing IP's.
If you can suggest me a way would be very helpful thanks.
@Mudundi Ram Arjun Varma : Thank you for the details.
basically OutSystems recommended approach is to connect to internal systems through ODC Private Gateway (https://success.outsystems.com/documentation/outsystems_developer_cloud/managing_outsystems_platform_and_apps/configure_a_private_gateway_to_your_network/)
If ODC Private Gateway is not an option then you need to whitelist the public IPs listed under 'ODC public runtime IP addresses' based on your location of the application. Please note that all apps running on ODC, for all customers, in the same region and stage type will share these IPs.
btw you can get the public IP by calling a REST endpoint https://echo.free.beeceptor.com from your application and it will return the exact public facing IP Address.
Yes we have already shared the above IPs of our location to the client and we still cannot access the SFTP server. Also the above IP is of the device. But I will need the server IP so we could forward this to client to white list. As the SFTP actions are to be run on a timer which runs on server.
I see the problem as mentioned by the OutSystems support - "External code components wont use the above IP addresses ".
The only possibility I see now is ODC Private Gateway.